Keith, The front door lock on your house is pickable and can be picked within a minute by anyone who spends some time learning about lockpicking. Yet we sell tens of thousands of those locks at Home Depot every day. Why?
When will you realize that encryption is nothing more than a front door lock that is intended to keep honest people honest, and define what private property is? The problem with encryption is the expectations the general public has for it. And that's because the general public are a bunch of amateurs who are playing around with something they don't really understand. When a business buys a truck they intend to use it for a specific lifetime then discard it. When the military encrypts a transmission they intend it to be locked down for a specific lifetime and then after that they discard it. It might be useful to historians studying past battles but that's it. When a business wants to secure something important they buy a lock that is far more difficult to pick or to cut off than the front door lock on your home. But ultimately they know that it merely delays access to whatever it is they are locking. Its only the amateur general public who is under the impression that once they lock/encrypt something it's supposed to be locked/encrypted forever. Ted -----Original Message----- From: PLUG <[email protected]> On Behalf Of Keith Lofstrom Sent: Wednesday, October 30, 2024 7:38 PM To: [email protected] Subject: [PLUG] October IEEE Spectrum, Post-quantum Crypto Standards I post this in PLUG rather than PLUG TALK because some of you may have technical suggestions about how we encrypt messages and configure our Linux systems to thrive in the "Post-Quantum World". The October issue of the IEEE Spectrum magazine has a sobering news article: "Cryptographic Standards for a Post-Quantum World" https://spectrum.ieee.org/post-quantum-cryptography-2668949802 BTW, that article should be publically readable; if you cannot access it, you can sign up for free access to IEEE Spectrum and other open-content IEEE journals. I'm an IEEE "life member"; my age plus years of membership exceeds 100. Maybe I will sign up my never-a-member 106-yo father-in-law; he might get six years of back issues. :-) ---- The gist of the article is that large scale quantum computers may not arrive for a decade or two, but when they do, they will be able to crack existing "computationally secure" encryption schemes like RSA, ECC (elliptic curve), PGP, etc. So, NIST is developing Post-Quantum Cryptography Standards based on new methods like "Lattice Cryptography" https://en.wikipedia.org/wiki/Lattice-based_cryptography ... and releasing them for evaluation and testing. BUT THE MAIN POINT OF THE ARTICLE is that all the encrypted files in public cyberspace using current methods will eventually be readable, even without the discovery of a design flaw in those methods. For example, if the encrypted OpenVPN packets between my home network and my Rimuhosting webserver in Dallas are captured and stored by a third party, they may be decrypted in the future. I will probably be dead that happens, but it will occur during the lifetime of younger PLUG members. Bitcoin is built on cryptography. Love it or hate it, it is increasingly woven into the world's monetary systems. Anyway, something to keep in mind, discuss, plan for. Keith L. -- Keith Lofstrom [email protected]
